Use -l with useradd

This product is not supported for your selected Datadog site. ().
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Metadata

ID: docker-best-practices/useradd-l-flag

Language: Docker

Severity: Warning

Category: Best Practices

Description

When building Docker images, using useradd -l ensures that the new user is created without adding entries to system login tracking files like /var/log/lastlog or /var/log/faillog. These files are irrelevant in containers since they don’t persist user sessions or keep login histories, and in minimal images they may not even exist, which can lead to errors or unnecessary file creation during build.

This makes your image smaller, cleaner, and more reliable. Since containers are designed to run processes rather than serve as full login environments, disabling login record tracking speeds up builds, avoids warnings, and follows best practices for lightweight, secure Docker images.

Non-Compliant Code Examples

RUN useradd -u 123456 foobar

Compliant Code Examples

RUN useradd -l -u 123456 foobar
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

シームレスな統合。 Datadog Code Security をお試しください

Datadog Code Security